Close Encounters of the ICMP Type 2 Kind (Near Misses with ICMPv6 Packet Too Big (PTB))
RFC 7690

Note: This ballot was opened for revision 04 and is now closed.

(Benoît Claise) Yes

(Brian Haberman) Yes

Comment (2015-10-14 for -04)
No email
send info
Given the current state of affairs, I think this is a quite useful document.  I just have a question for my own knowledge.

Is there any data that indicates how many of these PTB messages are due to tunneling?

(Jari Arkko) No Objection

Comment (2015-10-15 for -04)
No email
send info
Thanks for a useful document.

I'd probably have expanded ECMP in the abstract, and included a reference to the relevant RFC in Section 1.

(Alia Atlas) No Objection

Deborah Brungard No Objection

(Ben Campbell) No Objection

Comment (2015-10-14 for -04)
No email
send info
I agree with Spencer's comment about not using the word "Ideally" when talking about payload inspection.

(Spencer Dawkins) No Objection

Comment (2015-10-13 for -04)
No email
send info
In section 3, "Mitigation", I'm reading this.

   Mitigation of the potential for PTB messages to be mis-delivered
   involves ensuring that an ICMPv6 error message is distributed to the
   same anycast server responsible for the flow for which the error is
   generated.  Ideally, mitigation could be done by the mechanism hosts
               ^^^^^^^
   use to identify the flow, by looking into the payload of the ICMPv6
   message (to determine which TCP flow it was associated with) before
   making a forwarding decision.  Because the encapsulated IP header
   occurs at a fixed offset in the ICMP message it is not outside the
   realm of possibility that routers with sufficient header processing
   capability could parse that far into the payload.  Employing a
   mediation device that handles the parsing and distribution of PTB
   messages after policy routing or on each load-balancer/server is a
   possibility.
   
Most of the document is about using other mitigations that make this mitigation unnecessary, but it's still a bit odd to see Deep Packet Inspection characterised as "ideally", now that RFC 7258 is now BCP 188, and we've chartered TCPINC to make that DPI fail as often as possible. 

Could that one word go away?

I see in email that Fred asked if any reviews were needed before submitting this draft for publication, and David Black suggested reviews from INT and TSV, and that made it as far as the shepherd writeup, but I'm not seeing a request for review popping up in TSV (at least not with "PMTUD" and "V6OPS" in an e-mail). I don't have concerns about this particular draft, but I wish it hadn't slipped through that particular crack. 

Yes, Fred copied TSVWG and TSVAREA on his note asking for guidance, and yes, there was an IETF Last Call, so I'm not hitting "Defer" to chase that. Just something to watch for, in the future.

And yes, Martin and I have a call set up to talk with the TSVdir triage team next week ...

(Stephen Farrell) No Objection

Barry Leiba No Objection

(Terry Manderson) No Objection

Comment (2015-10-15 for -04)
No email
send info
Really nice document, Thanks for writing it!

(Kathleen Moriarty) No Objection

Comment (2015-10-14 for -04)
No email
send info
The following sentence int he Security Considerations section is hard to read, can you adjust it?

  The proxy replication results in devices not associated with the flow
   that generated the PTB being recipients of an ICMPv6 message which
   contains a fragment of a packet.

Alvaro Retana No Objection

(Martin Stiemerling) No Objection

(Joel Jaeggli) (was Abstain) Recuse

Comment (2015-10-12 for -04)
No email
send info
it's mine, what can I say.